<?php
		
	/* SVN FILE: $Id: security.json.php 8 2011-03-13 08:32:38Z michele.andreoletti@gmail.com $ */
	
	/**
	 * Project Name : arcadia
	 *
	 * @author $Author: michele.andreoletti@gmail.com $
	 * @version $Revision: 8 $
	 * @lastrevision $Date: 2011-03-13 08:32:38 +0000 (Sun, 13 Mar 2011) $
	 * @filesource $URL: http://arcadia.googlecode.com/svn/trunk/include/security.json.php $
	 */
	
	date_default_timezone_set('Europe/Rome');

	if(isset($_GET['sAPP']) && !empty($_GET['sAPP'])) {
		$sAPP = $_GET['sAPP'];	
	} else {
		die("[ { \"sScript\": \"security.json.php\", \"sError\": \"sAPP error\" } ]");
	}

	require_once "../$sAPP/include/const.inc.php";
	require_once "../$sAPP/include/functions.php";
	require_once "auth.inc.php";
	require_once "conn.inc.php";
	
	fnGetValueFromGET(array('id','sUsername','sType','iAccessLvl','sWhat','sTable','sViewItemLink','sTab','sField','sAction'));
	
	$sScript = fnCurrentScript();
	
	//
	// non uso l'istruzione nella riga qui sotto (di solito presente quasi tutte le pagine) perchè
	// $iAccessLvl è anche un risultato di fnGetValueFromGET()
	//
	// $iAccessLvl = fnGetAccessLvl('app');
	//
	
	if (is_allowed('sysop', fnGetAccessLvl('app'))) {
		
		// creo un array con tutti gli sUsername definiti
		$aUsers = fnGetDataFromQuery("SELECT `sUsername`, `sType`, `iEnabled` FROM `users`");
			
		switch ($sAction) {
			
			case "edit":
				
				$aRow['id'] = $id;
				$aRow['sType'] = "<td sField='sType' sValue='".$sType."'>".$sType."</td>";
				$aRow['sUsername'] = "<td sField='sUsername' sValue='".$sUsername."'><span class='".fnCheckUsernameTypeDisplayClass($sUsername, $sType, $aUsers)."'>".$sUsername."</span></td>";
				$aRow['iAccessLvl'] = "<td sField='iAccessLvl' sValue='".$iAccessLvl."'>".fnDisplayAccessLvl($iAccessLvl,'html')."</td>";
					
				if (isset($sTable))
					$aRow['sTable'] = "<td sField='sTable' sValue='".$sTable."'>".(isset($aTABLE[$sTable]['sTableName']) ? $aTABLE[$sTable]['sTableName'] : "<span class='error'>errore!</span>")."</td>";
				if (isset($sViewItemLink))
					$aRow['sViewItemLink'] = "<td sField='sViewItemLink' sValue='".$sViewItemLink."'>".(isset($aVIEW[$sViewItemLink]) ? $sViewItemLink : "<span class='error'>errore!</span>")."</td>";
				if (isset($sTab))
					$aRow['sTab'] = "<td sField='sTab' sValue='".$sTab."'>".(isset($aVIEW[$sViewItemLink]['aTabsLabels'][$sTab]) ? $sTab.". ".substr($aVIEW[$sViewItemLink]['aTabsLabels'][$sTab],0,strrpos($aVIEW[$sViewItemLink]['aTabsLabels'][$sTab],'|')) : "<span class='error'>errore!</span>")."</td>";
				if (isset($sField))
					$aRow['sField'] = "<td sField='sField' sValue='".$sField."'>".$sField."</td>";
					
				switch ($sWhat) {
					
					case "sApp":
						$sQuery = "UPDATE `users_access_lvl` SET `iAccessLvl` = '$iAccessLvl', `sUsername` = '$sUsername', `sType` = '$sType' WHERE `id` = '$id'";
						$rResult = custom_mysql_query($sQuery);	
						$sOutput = fnJsonOutput($sScript, $sAction, '', 0, $aRow);
						break;
					
					case "sTable":
						$sQuery = "UPDATE `users_access_lvl` SET `iAccessLvl` = '$iAccessLvl', `sTable` = '$sTable', `sUsername` = '$sUsername', `sType` = '$sType' WHERE `id` = '$id'";
						$rResult = custom_mysql_query($sQuery);	
						$sOutput = fnJsonOutput($sScript, $sAction, '', 0, $aRow);
						break;
					
					case "sViewItemLink":
						$sQuery = "UPDATE `users_access_lvl` SET `iAccessLvl` = '$iAccessLvl', `sViewItemLink` = '$sViewItemLink', `sUsername` = '$sUsername', `sType` = '$sType' WHERE `id` = '$id'";
						$rResult = custom_mysql_query($sQuery);	
						$sOutput = fnJsonOutput($sScript, $sAction, '', 0, $aRow);
						break;
					
					case "sTab":
						$sQuery = "UPDATE `users_access_lvl` SET `iAccessLvl` = '$iAccessLvl', `sTab` = '$sTab', `sViewItemLink` = '$sViewItemLink', `sUsername` = '$sUsername', `sType` = '$sType' WHERE `id` = '$id'";
						$rResult = custom_mysql_query($sQuery);	
						$sOutput = fnJsonOutput($sScript, $sAction, '', 0, $aRow);
						break;
						
					case "sField":
						$sQuery = "UPDATE `users_access_lvl` SET `iAccessLvl` = '$iAccessLvl', `sField` = '$sField', `sTab` = '$sTab', `sViewItemLink` = '$sViewItemLink', `sUsername` = '$sUsername', `sType` = '$sType' WHERE `id` = '$id'";
						$rResult = custom_mysql_query($sQuery);	
						$sOutput = fnJsonOutput($sScript, $sAction, '', 0, $aRow);
						break;
				
					default:
						fnUpdateLog('PARAMETER NOT VALID', 0, 'settings', 'E');
						$sOutput = fnJsonOutput($sScript, $sAction, '', 102);
						break;
				
				}
				
				break;
				
			
			case "trash":
				$sQuery = "DELETE FROM `users_access_lvl` WHERE `id` = '$id'";
				$rResult = custom_mysql_query($sQuery);	
				$sOutput = fnJsonOutput($sScript, $sAction, '', 0);
				break;

				
			default:
				fnUpdateLog('ACTION NOT VALID', 0, 'settings', 'E');
				$sOutput = fnJsonOutput($sScript, $sAction, '', 101);
				break;
				
		}
		
	} else {
	
		fnUpdateLog('LOW RIGHTS', 0, 'users_access_lvl', 'S');
		$sOutput = fnJsonOutput($sScript, $sAction, '', 999);
	
	}
	
	echo $sOutput;

?>